## START: Set by rpmautospec
## (rpmautospec version 0.3.5)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
    release_number = 2;
    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
    print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
## END: Set by rpmautospec

# keylime-agent-rust.spec
# Generated by rust2rpm 20
#
# Packages the Rust implementation of the Keylime agent together with its
# systemd units and a root-installed configuration tree that is handed over to
# the keylime account. RHEL builds use the vendored crate tarball (Source1);
# Fedora builds use the distribution's Rust crates.

# The test suite runs by default; building with "--without check" skips it.
%bcond_without check

%global crate keylime_agent

%if 0%{?rhel}
# RHEL: Use bundled deps as it doesn't ship Rust libraries
%global bundled_rust_deps 1
# Keep the shebang-mangling buildroot policy script away from /usr/src/debug.
%global __brp_mangle_shebangs_exclude_from ^/usr/src/debug/.*$
%else
# Fedora: Use only system Rust libraries
%global bundled_rust_deps 0
%endif

Name:           keylime-agent-rust
Version:        0.2.2
Release:        %{?autorelease}%{!?autorelease:1%{?dist}}
Summary:        Rust agent for Keylime

# Upstream license specification: Apache-2.0
#
# The build dependencies have the following licenses:
#
#   0BSD or MIT or ASL 2.0
#   ASL 2.0
#   ASL 2.0 or Boost
#   ASL 2.0 or MIT
#   ASL 2.0 with exceptions
#   BSD
#   MIT
#   MIT or ASL 2.0
#   MIT or ASL 2.0 or zlib
#   MIT or zlib or ASL 2.0
#   Unlicense or MIT
#   zlib or ASL 2.0 or MIT
#
License:        (Apache-2.0 OR MIT) AND BSD-3-Clause AND (MIT OR Apache-2.0) AND Unicode-DFS-2016 AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND Apache-2.0 WITH LLVM-exception AND ISC AND MIT AND (MIT OR Unlicense)

URL:            https://github.com/keylime/rust-keylime/
# NOTE(review): nothing in this spec verifies a checksum or signature for
# either source archive; integrity presumably rests on hashes recorded outside
# this file (confirm). Source1 is produced by hand with the steps below, so it
# should be regenerated from the matching Source0 tag on every version bump.
#
# The source tarball is downloaded using the following commands:
#   spectool -g keylime-agent-rust.spec
Source0:        %{url}/archive/refs/tags/v%{version}.tar.gz
# The vendor tarball is created using cargo-vendor-filterer to remove Windows
# related files (https://github.com/cgwalters/cargo-vendor-filterer)
#   tar xf rust-keylime-%%{version}.tar.gz
#   cd rust-keylime-%%{version}
#   cargo vendor-filterer --platform x86_64-unknown-linux-gnu \
#       --platform powerpc64le-unknown-linux-gnu \
#       --platform aarch64-unknown-linux-gnu \
#       --platform i686-unknown-linux-gnu \
#       --platform s390x-unknown-linux-gnu \
#       --exclude-crate-path "libloading#tests"
#   tar jcf rust-keylime-%%{version}-vendor.tar.xz vendor
# NOTE(review): "j" selects bzip2 although the archive is named .tar.xz; "J"
# (xz) or "a" (choose by suffix) would produce a file that matches its name.
Source1:        rust-keylime-%{version}-vendor.tar.xz
## Patches for building from system Rust libraries (Fedora)
# Drop completely the legacy-python-actions feature
Patch1:         rust-keylime-metadata.patch

ExclusiveArch:  %{rust_arches}

Requires: tpm2-tss
Requires: util-linux-core

# The keylime-base package provides the keylime user creation. It is available
# from Fedora 36, and the condition below also requires it on RHEL 9 and later.
# NOTE(review): on older releases nothing visible in this spec creates the
# keylime account that the file list and the posttrans scriptlet refer to.
%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9
Requires: keylime-base
%endif

BuildRequires: systemd
BuildRequires: openssl-devel
BuildRequires: libarchive-devel
BuildRequires: tpm2-tss-devel
BuildRequires: clang
%if 0%{?bundled_rust_deps}
BuildRequires: rust-toolset
%else
BuildRequires: rust-packaging >= 21-2
%endif

# Virtual Provides to support swapping between Python and Rust implementation
Provides: keylime-agent
Conflicts: keylime-agent

%description
Rust agent for Keylime

%prep
# -N: unpack only; patches are applied selectively by number below.
%autosetup -n rust-keylime-%{version} -N
%if 0%{?bundled_rust_deps}
# Source1 is vendored dependencies
%cargo_prep -V 1
# Bundled build: apply only patches numbered 100 and above (skips Patch1).
%autopatch -m 100 -p1
%else
# System-crate build: apply patches numbered up to 99 (includes Patch1).
%autopatch -M 99 -p1
%cargo_prep

%generate_buildrequires
%cargo_generate_buildrequires
%endif

%build
%cargo_build

%install
# Create the directories claimed by the file list; their final owner and mode
# are set by the attr entries there.
mkdir -p %{buildroot}/%{_sharedstatedir}/keylime
mkdir -p --mode=0700 %{buildroot}/%{_rundir}/keylime
mkdir -p --mode=0700 %{buildroot}/%{_libexecdir}/keylime
mkdir -p --mode=0700 %{buildroot}/%{_sysconfdir}/keylime
mkdir -p --mode=0700 %{buildroot}/%{_sysconfdir}/keylime/agent.conf.d

# Main configuration, read-only for its owner.
install -Dpm 400 keylime-agent.conf \
    %{buildroot}%{_sysconfdir}/keylime/agent.conf

# systemd units for the agent and for the secure mount.
install -Dpm 644 ./dist/systemd/system/keylime_agent.service \
    %{buildroot}%{_unitdir}/keylime_agent.service

install -Dpm 644 ./dist/systemd/system/var-lib-keylime-secure.mount \
    %{buildroot}%{_unitdir}/var-lib-keylime-secure.mount

# Setting up the agent to use keylime:keylime user/group after dropping privileges.
cat > %{buildroot}/%{_sysconfdir}/keylime/agent.conf.d/001-run_as.conf << EOF
[agent]
run_as = "keylime:keylime"
EOF

install -Dpm 0755 \
    -t %{buildroot}%{_bindir} \
    ./target/release/keylime_agent
install -Dpm 0755 \
    -t %{buildroot}%{_bindir} \
    ./target/release/keylime_ima_emulator

%posttrans
# Re-apply restrictive modes and keylime ownership to the whole configuration
# tree at the end of the transaction. The glob also covers drop-in files that
# are not part of this package.
# NOTE(review): this scriptlet runs with root privileges over a tree owned by
# the unprivileged keylime account, and chmod resolves symbolic links matched
# by the glob. Limiting the fix-up to regular files inside the directory (for
# example "find ... -type f") would keep it from touching anything else.
chmod 500 %{_sysconfdir}/keylime/agent.conf.d
chmod 400 %{_sysconfdir}/keylime/agent.conf.d/*.conf
chmod 500 %{_sysconfdir}/keylime
chown -R keylime:keylime %{_sysconfdir}/keylime

%preun
%systemd_preun keylime_agent.service
%systemd_preun var-lib-keylime-secure.mount

%postun
%systemd_postun_with_restart keylime_agent.service
%systemd_postun_with_restart var-lib-keylime-secure.mount

%files
%license LICENSE
%doc README.md
# Configuration tree: directories 500 and files 400, all owned by keylime.
# NOTE(review): the run_as drop-in that selects the account to drop to is owned
# by that same account, and an owner can always change the mode of its own
# files. If the service starts as root (the unit file is not visible here),
# root ownership with group read access for keylime would stop the
# unprivileged agent from altering its own privilege-drop setting. Confirm
# against how the agent reads its configuration.
%attr(500,keylime,keylime) %dir %{_sysconfdir}/keylime
%attr(500,keylime,keylime) %dir %{_sysconfdir}/keylime/agent.conf.d
%config(noreplace) %attr(400,keylime,keylime) %{_sysconfdir}/keylime/agent.conf.d/001-run_as.conf
%config(noreplace) %attr(400,keylime,keylime) %{_sysconfdir}/keylime/agent.conf
%{_unitdir}/keylime_agent.service
%{_unitdir}/var-lib-keylime-secure.mount
# NOTE(review): a directory packaged under the runtime directory is lost at
# reboot when that path is a tmpfs; confirm the unit or a tmpfiles.d entry
# recreates it with the same owner and mode.
%attr(700,keylime,keylime) %dir %{_rundir}/keylime
# The next two entries are listed without the dir directive, so anything found
# beneath them in the buildroot would be packaged as well; the install section
# only creates them as empty directories.
%attr(700,keylime,keylime) %{_sharedstatedir}/keylime
%attr(700,keylime,keylime) %{_libexecdir}/keylime
%{_bindir}/keylime_agent
%{_bindir}/keylime_ima_emulator

%if %{with check}
%check
%cargo_test
%endif

%changelog
* Wed Aug 02 2023 Anderson Toshiyuki Sasaki - 0.2.2-2
- Update test plan
- Fix regex to avoid running unwanted tests.
- Add setup step to enable keylime debug messages.

* Thu Jul 13 2023 Anderson Toshiyuki Sasaki - 0.2.2-1
- Update to upstream version 0.2.2

* Thu Jul 13 2023 Anderson Toshiyuki Sasaki - 0.2.1-5
- Migrate to SPDX License

* Fri Jun 02 2023 Yaakov Selkowitz - 0.2.1-4
- Require keylime-base on RHEL

* Fri Jun 02 2023 Anderson Toshiyuki Sasaki - 0.2.1-3
- Add BuildRequires on clang regardless of the target

* Thu Apr 27 2023 Anderson Toshiyuki Sasaki - 0.2.1-2
- Enable Fedora CI tests

* Thu Apr 27 2023 Anderson Toshiyuki Sasaki - 0.2.1-1
- Update to upstream version 0.2.1

* Wed Feb 15 2023 Yaakov Selkowitz - 0.1.0-4
- Fix RHEL build with tpm2-tss v4

* Thu Jan 19 2023 Fedora Release Engineering - 0.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

* Tue Nov 22 2022 Yaakov Selkowitz - 0.1.0-2
- Fix build with bundled dependencies

* Wed Nov 02 2022 Anderson Toshiyuki Sasaki - 0.1.0-1
- Update to upstream version 0.1.0

* Fri Aug 05 2022 Daiki Ueno - 0.1.0~20220603gitaed51c7-3
- Fix version requirement for clap to avoid FTBFS in Fedora

* Thu Jul 21 2022 Fedora Release Engineering - 0.1.0~20220603gitaed51c7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Fri Jul 01 2022 Anderson Toshiyuki Sasaki - 0.1.0~20220603gitaed51c7-1
- Update, add services, and drop dependencies
- Update to aed51c7 commit
- Require keylime-base on Fedora >= 36
- Update clap dependency
- Drop rustc-serialize and flate2 dependencies
- Make wiremock an optional dependency and re-enable tests
- Fix serialization of structures in quotes to fix issue on big-endian
- Add systemd services for the agent and secure mount
- BuildRequire systemd for the services
- Use more descriptive error messages on missing files errors
- Set supplementary groups when dropping privileges
- Create /usr/libexec/keylime directory

* Fri Jun 03 2022 Daiki Ueno - 0.1.0~20220602gitc98e381-1
- Update to latest snapshot to bump dependencies

* Mon Jan 24 2022 Daiki Ueno - 0.1.0~20211110gitd5a3191-1
- Initial package